stupid stupid microsoft

[+theblazingangel]

why why why can't microsoft get simple things right :angry:

they just released critical security update KB931768, a new cumulative update to internet explorer.

apparently this update is supposed to replace KB928090, however THIS IS WRONG!!!

i just did a file comparison of KB931768 with KB928090 for the following copies of the patch:

- windows 2000 IE6

- windows XP x86 IE6

- windows XP x86 IE7

- windows server 2003 x86 IE6

- windows server 2003 x86 IE7

yes, KB931768 does replace the IE6 copies of KB928090 but does not replace the IE7 copies!!!

according to the security bulletin (http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx) the IE7 copies mentioned above should contain an updated copy of corpol.dll, version 7.0.6000.16441, however they do not!!! if they did then they actually really would replace KB928090 (which contains corpol.dll version 7.0.6000.16414) but they don't!!!

i've see loads of cockups before with file details data in KB articles and even in Microsoft SECURITY Bulletins! but infact here i'm guessing that it's not the data thats wrong, it's actually the patch, i actually believe they forgot to include one of the updated files!!!

the thing that really gets me though is that i have absolutely no way of talking to microsoft without paying to access a support help line. i wish they would assign our project or even neowin itself a damn contact who we can talk to about important issues like this. or perhaps they could just get simple things like including all the files and listing the correct details, right in the first place.

/end rant

[glutton4sw]

oook...is it just Corpol.dll thats not ver. 7.0.6000.16441 ? looking at the security bulletin those files are dated 6 or 7-Mar-2007..so the corpol.dll is still same version and date as in the Feb IE7 cumulative update? if you're sure its missing an update have you tracked which one it is? now vista is out the door theres gonna be more pain to come for w2k/xp users im sure :laugh:

/end agony aunt

[xyz123]

Not stupid, just LAZY. :sleep:

[prandal]

why why why can't microsoft get simple things right :angry:

according to the security bulletin (http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx) the IE7 copies mentioned above should contain an updated copy of corpol.dll, version 7.0.6000.16441, however they do not!!! if they did then they actually really would replace KB928090 (which contains corpol.dll version 7.0.6000.16414) but they don't!!!

Someone's mentioned this (and other discrepancies in May's updates) over at

http://blogs.msdn.com/ie/archive/2007/05/0...w.aspx#comments

[glutton4sw]

quote from above link:

Thursday, May 10, 2007 12:52 AM

I am comparing the files installed by KB931768 on Win XP SP2 and what is

listed on the page listed above and a number of files mismatch (ieapfltr.dat, ieapfltr.dll and ieudinit.exe), but one file, corpol.dll, listed as included in the patch wasn't actually in it. It was in the prior cumulative update so it seems like it should be in the update.

Is the file manifest wrong or was this accidentally left out?

Also the KB933668 patch for the Office 2007 Compatibility Pack lists that it

installs Xl12cnv.exe. I could not find that file, but I did find

excelcnv.exe which contains the same exact size, date, time and version

number. I also found an updated Wordconv.exe and Wordconv.dll not listed on

the web page.

[+theblazingangel]

good to know they might be learning of the problem. i had forgotten all about microsofts blogs, it's a good way to communicate with them!

[prandal]

good to know they might be learning of the problem. i had forgotten all about microsofts blogs, it's a good way to communicate with them!

I also dropped a line to the handlers over at http://isc.sans.org, citing this forum topic and crediting you, theblazingangel.

The big question on my mind is what happens if you take IE 7 RTM and apply this month's cumulative update only?

[tao muon]

So this one time, I had a flute, and it was out of tune. I complained and got a new flute. But then it was realized the new flute was wrong too so we were sent new valves.

Now, if I happened to have another old flute that was out of tune like the first and only asked for the new valves instead of the first upgrade plus the new valves, would I complain that I didn't get a whole new flute like the first?

But, I agree that it's dumb that an upgrade to an upgrade doesn't include the first upgrade's fixes too.

[+theblazingangel]

@prandal, awesome, thanks :)

[JustGeorge]

Sorry to jack the thread, but can someone explain whats with IE7 and the cumulative updates? I thought after 7 was released, there would be an end to the obligatory 7meg + IE security download each month? I'm on DSL, so its not a big deal, but it gets old @ work where the connection is slower.